{"id":28395067,"url":"https://github.com/ome/ansible-role-nginx-proxy","last_synced_at":"2025-10-12T12:35:24.226Z","repository":{"id":45432156,"uuid":"78220360","full_name":"ome/ansible-role-nginx-proxy","owner":"ome","description":"Install Nginx for use as a front-end proxy.","archived":false,"fork":false,"pushed_at":"2024-11-20T15:06:28.000Z","size":195,"stargazers_count":12,"open_issues_count":5,"forks_count":15,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-10-02T06:29:55.877Z","etag":null,"topics":["ansible","nginx","nginx-proxy","role"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/ome/nginx_proxy/","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ome.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-01-06T16:22:12.000Z","updated_at":"2025-08-05T05:47:44.000Z","dependencies_parsed_at":"2023-12-18T23:05:52.272Z","dependency_job_id":"9e0df040-0d14-49c8-9834-7b2ca3f96d14","html_url":"https://github.com/ome/ansible-role-nginx-proxy","commit_stats":{"total_commits":172,"total_committers":10,"mean_commits":17.2,"dds":"0.34883720930232553","last_synced_commit":"1a2eb446951fe831126128c747beb6221d142047"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/ome/ansible-role-nginx-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ome%2Fansible-role-nginx-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ome%2Fansible-role-nginx-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ome%2Fansible-role-nginx-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ome%2Fansible-role-nginx-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ome","download_url":"https://codeload.github.com/ome/ansible-role-nginx-proxy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ome%2Fansible-role-nginx-proxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279011295,"owners_count":26084928,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","nginx","nginx-proxy","role"],"created_at":"2025-05-31T19:33:34.900Z","updated_at":"2025-10-12T12:35:24.191Z","avatar_url":"https://github.com/ome.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"Nginx Proxy\n===========\n\n[![Actions Status](https://github.com/ome/ansible-role-nginx-proxy/workflows/Molecule/badge.svg)](https://github.com/ome/ansible-role-nginx-proxy/actions)\n[![Ansible Role](https://img.shields.io/badge/ansible--galaxy-nginx_proxy-blue.svg)](https://galaxy.ansible.com/ui/standalone/roles/ome/nginx_proxy/)\n\nInstall Nginx for use as a front-end proxy.\n\n\nDependencies\n------------\n\nRequires the `nginx` role (automatically included).\n\n\nRole Variables: Main Nginx configuration\n----------------------------------------\n\n- `nginx_proxy_worker_processes`: Number of worker processes, default 1\n- `nginx_proxy_worker_connections`: Number of worker connections, default 1024\n- `nginx_proxy_buffers`: Number and size of proxy buffers (optional)\n- `nginx_dynamic_proxy_resolvers`: If the proxied servers are referred to by hostname instead of IP addresses you must provide at least one DNS server\n\n\nRole Variables: Main site\n-------------------------\n\n- `nginx_proxy_server_name`: The server name, default `$hostname`.\n  Set this if you are configuring a virtualhost.\n- `nginx_proxy_listen_http`: Listen on this port, default `80`.\n- `nginx_proxy_cachebuster_port`: An alternative port which can be used to force a cache refresh, disabled by default.\n  You should ensure this is firewalled.\n  You must also set `nginx_proxy_cachebuster_enabled` to enable this for individual sites.\n- `nginx_proxy_404`: The URI to show for 404 errors, default ''.\n- `nginx_proxy_log_format_custom`: Additional Nginx log format, will be named `custom`. This only adds the format, to use it as the default log format you should set `nginx_proxy_log_format: custom`.\n\nSSL variables:\n\n- `nginx_proxy_ssl`: If `True` enable SSL on port `443`, default `False`\n- `nginx_proxy_hsts_age`: The max-age in seconds for a HSTS (HTTP Strict Transport Security) header, default is to omit this header\n- `nginx_proxy_http2`: If `True` enable HTTP2, default `False`\n- `nginx_proxy_force_ssl`: If `True` permanently redirect all `http` requests to `https`, default `False`\n\nIf SSL is enabled you should install the certificates on the server and set the following two variables:\n\n- `nginx_proxy_ssl_certificate`: Server path to SSL certificate\n- `nginx_proxy_ssl_certificate_key`: Server path to SSL certificate key\n\nOptionally this role can handle the certificate installation for you, if you specify the local source paths (default empty, you must handle the installation yourself):\n\n- `nginx_proxy_ssl_certificate_source_path`: Local path to SSL certificate\n- `nginx_proxy_ssl_certificate_key_source_path`: Local path to SSL certificate key\n\nBackend servers:\n\n- `nginx_proxy_backends`: List of dictionaries of backend servers with fields\n  - `name`: A variable name for proxies using dynamic IP (ignored for static IPs)\n  - `location`: The URL location\n  - `limit_methods`: Limit to these HTTP methods only, default all\n  - `server`: The backend server including scheme\n  - `dynamic`: If `True` lookup IP on every request, default `False` (only lookup at startup).\n  - `cache_validity`: The time that an object should be cached for, if omitted caching is disabled for this backend\n  - `websockets`: If `True` enable proxying of websockets, default `False`\n  - `websocketsonly`: If `True` and `websockets: True` only allow websocket requests, otherwise return HTTP status 400, default `False`\n  - `read_timeout`: The proxy read timeout, optional\n  - `host_header`: Optionally set the Host header, you shouldn't need to set this unless you're trying to work around bugs in applications\n  - `maintenance_flag`: Name of an optional local flag file used to indicate the backend is undergoing maintenance, if this file exists `maintenance_uri` will be returned for this location with a `503` error\n  - `maintenance_uri`: URI to a maintenance page that will be returned if the `maintenance_flag` file exists\n\n- `nginx_proxy_upstream_servers`: List of dictionaries of backend servers used for load-balancing with fields:\n  - `name`: The name of the load-balancing group (can be referenced in `nginx_proxy_backends.[].server`)\n  - `balance`: Load balancing algorithm\n  - `servers`: List of backend servers to be load-balanced\n  - `additional`: List of additional directives\n\n- `nginx_proxy_streams`: List of dictionaries of backend streaming servers\n  - `name`: A variable name used for grouping multiple upstream servers\n  - `port`: The port Nginx should listen on\n  - `servers`: A list of backend servers, each item may include server specific parameters\n  - `timeout`: Timeout between successive reads/writes\n  - `connect_timeout`: Backend connection timeout\n\nWarning: Using non-standard http ports in `nginx_proxy_streams` may lead to SELinux failures. This role will attempt to configure SELinux but may fail.\n\nRedirection:\n\n- `nginx_proxy_redirect_map`: List of dictionaries of URL redirects with fields:\n  - `match`: The request uri to match (operators such as ~ are allowed, matching can include query arguments)\n  - `dest`: The new uri\n- `nginx_proxy_redirect_map_locations`: List of dictionaries of locations to be mapped using `nginx_proxy_redirect_map`\n  - `location`: An nginx location to be mapped\n  - `code`: Optional HTTP redirect status code, default `302` (use `301` for a permanent redirect)\n- `nginx_proxy_direct_locations`: List of dictionaries of locations to be handled directly with the following fields. `location` is required, along with at least one of the other fields:\n  - `location`: An nginx location to be mapped (required)\n  - `redirect301`: The new uri to redirect to with code 301\n  - `redirect302`: The new uri to redirect to with code 302\n  - `index`: Nginx index locations\n  - `root`: Root directory for requests\n  - `alias`: Alias this directory to location\n  - `custom`: List of additional configuration directives\n\n- `nginx_proxy_block_locations`: List of locations which should be blocked (404)\n\nUse `nginx_proxy_direct_locations` with `redirect*` if you need to redirect based on Nginx `location` only, use `nginx_proxy_redirect_map` with `nginx_proxy_redirect_map_locations` if you also want to redirect based on query arguments.\n\nWebsockets:\n\n- `nginx_proxy_websockets_enable`: This must be `True` if any proxies require proxying of websockets, default `False`\n\nCaching:\n\n- `nginx_proxy_cache_parent_path`: The parent directory for the nginx caches (optional)\n- `nginx_proxy_caches`: List of dictionaries of cache specifications with fields:\n  - `name`: Name of the cache\n  - `keysize`: Amount of shared memory to use for storing cache keys\n  - `maxsize`: Upper limit of the size of the cache\n  - `inactive`: Time that items should be cached for\n  - `match`: List of patterns to be stored in this cache, you probably want one item with the value `default` somewhere\n- `nginx_proxy_cache_skip_uri`: List of URI patterns that shouldn't be cached (default: everything that doesn't match `nginx_proxy_cache_match_uri`)\n- `nginx_proxy_cache_match_uri`: List of URI patterns that should be cached\n- `nginx_proxy_cache_skip_arg`: List of query patterns that shouldn't be cached (default for this is always the result of `nginx_proxy_cache_*_url`)\n- `nginx_proxy_cache_match_arg`: List of query patterns that should be cached (default for this is always the result of `nginx_proxy_cache_*_url`)\n\n- `nginx_proxy_set_header_host`: Override the hostname seen by the backend proxy, default is to use the Nginx `$host` variable (recommended for most cases)\n- `nginx_proxy_forward_scheme_header`: A header to be set containing the scheme (e.g. `http`, `https`) that will be passed to the backend\n- `nginx_proxy_debug_cache_headers`: If `True` add extra headers for debugging (not for production), default `False`\n- `nginx_proxy_cache_ignore_headers`: Headers to be ignored, e.g. `'\"Set-Cookie\" \"Vary\" \"Expires\"'`\n- `nginx_proxy_cache_hide_headers`: Headers to be hidden from clients in cached responses, must be a list e.g. `[Set-Cookie]`\n- `nginx_proxy_cache_key`: Override the default Nginx cache key, for example `\"$host$request_uri\"` to ignore session cookies\n- `nginx_proxy_cache_key_map`: Optionally map `nginx_proxy_cache_key` to the desired cache key, for instance if you want to ignore part of the url. This should be a list of dictionaries with fields:\n  - `match`: Match in nginx_proxy_cache_key\n  - `key`: The cache key\n`nginx_proxy_cache_key` is always included as the default.\n- `nginx_proxy_cache_use_stale`: Situations in which stale cache results should be returned, see `defaults/main.yml` for default, if enabled this will also turn on background updates.\n- `nginx_proxy_cache_lock_time`: Prevent multiple backend requests to the same object (subsequent requests will wait for the first to either return or time-out), default 1 minute\n- `nginx_proxy_cachebuster_enabled`: Set to `True` to enable cache-busting on port `nginx_proxy_cachebuster_port`\n\nWarning: for convenience, put `nginx_proxy_cache_parent_path` on a separate partition (calculate size of the partition based on `max_size` set on disk caches).\n\nWarning: If SELinux is enabled you may need to update your policy yourself to allow Nginx to bind to a non-standard port (typically 80, 81, 443, 488, 8008, 8009, 8443, 9000 are allowed).\n\nAdditional custom configuration:\n\n- `nginx_proxy_conf_http`: Additional directives to be added to top-level `http` context\n- `nginx_proxy_additional_maps`: List of custom Nginx maps for use in other custom configuration\n- `nginx_proxy_additional_directives`: List of additional directives to be added to the proxy `server` context\n- `nginx_proxy_systemd_setup`: Start/restart nginx using systemd, default `true`, if you want to manage Nginx yourself set this to `false`\n\n\nRole Variables: Multiple sites\n------------------------------\n\n- `nginx_proxy_sites`: Additional sites can be configured by creating an array of dictionaries overriding the above \"Main site\" parameters.\n  The default: `nginx_proxy_sites: { nginx_proxy_is_default: True }` mean a single site will be created using the parameters defined above.\n  Most parameters are supported in site specific configurations with the exception of those named `nginx_proxy_*cache*`, and `nginx_proxy_redirect_map`.\n  One site-specific additional parameter is supported:\n  - `nginx_proxy_is_default`: If `True` this is the default Nginx site, default `False`.\n\n\nExample Playbooks\n-----------------\n\nProxy:\n- http://localhost/ to http://a.internal/ statically, make a single DNS request for `a.internal` at the start\n- http://localhost/b to http://b.internal/subdir dynamically, making a DNS request for `b.internal` on every request\n\n```yml\n- hosts: localhost\n  roles:\n  - role: ome.nginx_proxy\n    nginx_proxy_backends:\n    - location: /\n      server: http://a.internal\n    - name: testb\n      location: /b\n      server: http://b.internal/subdir\n      dynamic: True\n```\n\nAdvanced configuration: force https, use HSTS, enable HTTP2\n\n```yml\n- hosts: localhost\n  roles:\n  - role: ome.nginx_proxy\n    nginx_proxy_backends:\n    - location: /\n      server: http://a.internal\n      cache_validity: 1h\n    nginx_proxy_worker_processes: 4\n    nginx_proxy_404: '/404.html'\n    nginx_proxy_ssl: True\n    nginx_proxy_ssl_certificate: /etc/nginx/ssl/website.crt\n    nginx_proxy_ssl_certificate_key: /etc/nginx/ssl/website.key\n    nginx_proxy_http2: True\n    nginx_proxy_force_ssl: True\n    nginx_proxy_hsts_age: 31536000\n    nginx_proxy_conf_http:\n      - \"client_max_body_size 500m\"\n      - \"server_tokens off\"\n```\n\n\n\nAuthor Information\n------------------\n\nome-devel@lists.openmicroscopy.org.uk\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fome%2Fansible-role-nginx-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fome%2Fansible-role-nginx-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fome%2Fansible-role-nginx-proxy/lists"}